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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )M Responsive to communication(s) filed on 14 November 2001 . 
2a)Q This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) 1-19 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) IEI Claim(s) 1-19 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on 14 November 2001 is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 
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a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

30 Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1 . Claims 1 -1 9 are pending. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1-4,8-19 are rejected under 35 U.S.C. § 102(e) as being anticipated by 
Davis et al [Davis 6,088,805] 

3. As per claim 4, Davis discloses an apparatus for processing a subject name 
included in a personal certificate, comprising: 

a part that receives a personal certificate [Davis, user identity, user certification, 
col 6 lines 9-46]; 

a part that extracts a predetermined element in a hierarchy of a subject name 
included in the received personal certificate [Davis, filtering the selected data, col 9 lines 
40-56]; and 

a part that determines an access right based on a value of the predetermined 
element [Davis, access rights granted based upon the issuing CA, col 7 lines 45-53; 
predefined filter rules, col 8 lines 54-63]. 



Application/Control Number: 09/987,41 8 Page 3 

Art Unit: 2142 

4. As per claim 1 , Davis discloses an apparatus (or web server) for processing a 
subject name included in a personal certificate [Davis, Web server, col 4 lines 29-64], 
comprising: 

a part that receives a personal certificate (i.e.: personal ID) [Davis, user identity, 
user certification, col 6 lines 9-46]; 

a part that verifies the received personal certificate based on a digital signature 
technique [Davis, verify the digital signature of the holder, col 5 lines 42-55]; 

a part that extracts at least one of predetermined elements in a hierarchy of a 
subject name included in the received personal certificate [Davis, filtering the selected 
data, col 9 lines 40-56]; and 

a part that determines an access right of holder of the personal certificate based 
on a value of the at least tine predetermined element (i.e.: predefined filter rules) when 
the personal certificate is successfully verified [Davis, access rights granted based upon 
the issuing CA, col 7 lines 45-53; predefined filter rules, col 8 lines 54-63] . 

5. As per claim 2, Davis discloses the at least one of the predetermined elements is 
an organizational unit name of a predetermined hierarchy of the subject name [Davis, 
organization name, sub-fields, col 7 lines 12-30; col 9 lines 1-10]. 

6. As per claim 3, Davis discloses the predetermined elements are an 
organizational unit name of one hierarchy allocated for representing a project name and 
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a part of a common name allocated for representing a purpose of operation [Davis, 
organization name, sub-fields, col 7 lines 12-30; col 9 lines 1-10]. 

7. Claims 15,17 contain the similar limitations set forth of apparatus claim 1. 
Therefore, claims 15,17 are rejected for the similar rationale set forth in claim 1 . 

8. As per claim 8, Davis discloses an apparatus for processing a subject name 
included in a personal certificate, which receives a personal certificate in which a 
predetermined element of a subject name represents an organization to which a holder 
of the certificate belongs and an attribute other than a personal ID so as to process the 
subject name, the apparatus comprising: 

a part that receives the personal certificate [Davis, user identity, user certification, 
col 6 lines 9-46]; 

a part that extracts a predetermined element in a hierarchy of a subject name 
included in the received personal certificate [Davis, filtering the selected data, col 9 lines 
40-56]; and 

a part that determines an access right at least based on an organization to which 
a holder belongs and an attribute other than a personal ID represented by a value of the 
predetermined element [Davis, access rights granted based upon the issuing CA, col 7 
lines 45-53; predefined filter rules, col 8 lines 54-63]. 
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9. As per claim 9, Davis discloses the organizational unit name of a predetermined 
hierarchy of the subject name represents that the holder of the certificate is not a 
member of an organization represented by the organization name and that the holder 
cooperates with the organization [Davis, organization name, sub-fields, col 7 lines 12- 
30; col 9 lines 1-10]. 

10. As per claim 10, Davis discloses the organizational unit name of a predetermined 
hierarchy of the subject name represents a project name in which the holder takes part. 

11. As per claim 1 1 , Davis discloses the organizational unit name of a predetermined 
hierarchy of the subject name represents a cooperating organization name which 
cooperates with an organization represented by the organization name and to which the 
holder belongs [Davis, organization name, sub-fields, col 7 lines 12-30; col 9 lines 1-10]. 

12. As per claim 12, Davis discloses the organizational unit name of a predetermined 
hierarchy of the subject name represents a type of operation in which the holder takes 
part. 

13. As per claim 13, Davis discloses a common name in the subject name 
represents a type of operation in which the holder takes part [Davis, digital signature of 
the holder, col 5 lines 42-55]. 
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14. Claims 16,18 contain the similar limitations set forth of apparatus claim 8. 
Therefore, claims 16,18 are rejected for the similar rationale set forth in claim 8. 

1 5. As per claim 1 9, Davis discloses a personal certificate in which at least one of an 
organizational unit name and a common name of a subject name represents an 
organization to which a holder belongs and an attribute other than a personal ID are 
stored [Davis, organization name, sub-fields, col 7 lines 12-30; col 9 lines 1-10]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

16. Claims 5-7 are rejected under 35 U.S.C. § 103 as being unpatentable over Davis 
et al [Davis 6,088,805] in view of Dustan et al [Dustan 5,884,312]. 

17. As per claim 5, Davis discloses a web server computer system comprising: 

a part that receives a personal certificate [Davis, user identity, user certification, 
col 6 lines 9-46]; 

a part that verifies the received personal certificate based on a digital signature 
technique [Davis, verify the digital signature, col 5 lines 42-55]; 
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a part that extracts at least one of predet4rmined elements in a hierarchy of a 
subject name included in the received personal certificate [Davis, filtering the selected 
data, col 9 lines 40-56]; 

a part that determines an access right of a holder of the personal certificate 
based on a value of the at least one predetermined element when the received personal 
certificate is successfully verified [Davis, access rights granted based upon the issuing 
CA, col 7 lines 45-53; predefined filter rules, col 8 lines 54-63]; and 

However Davis does not details 

a part that allocates a session identifier when the received personal certificate is 
successfully verified; 

a part that stores the determined access right associated with the session 
identifier. 

It was well-known in the art that a session identifier used to compared to a user 
access right to determine a personal access [Dustan, the session ID and rights to 
execute the function, col 18 lines 54-65][see Lin, Sampson references] 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to incorporate technique of determine the access right 
associated with the session identifier as taught by Dustan into the Davis's apparatus in 
order to utilize the user identification or digital signature. Doing so would provide a 
security process for user access to Internet. 
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18. As per claim 6, Davis-Dustan disclose the at least one of the predetermined 
elements is an organizational unit name of a predetermined hierarchy of the subject 
name [Davis, organization name, sub-fields, col 7 lines 12-30; col 9 lines 1-10]. 



19. As per claim 7, Davis-Dustan disclose the predetermined elements are an 
organizational unit name of one hierarchy allocated for representing a project name and 
a part of a common name allocated for representing a purpose of operation [Davis, 
organization name, sub-fields, col 7 lines 12-30; col 9 lines 1-10]. 



20. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to examiner Thong Vu, whose telephone number is (703)-305-4643. 
The examiner can normally be reached on Monday-Thursday from 8:00AM- 4:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jack Harvey, can be reached at (703) 305-9705. 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the Group receptionist whose telephone number is (703) 305-9700. 

Any response to this action should be mailed to: Commissioner of Patent and 
Trademarks, Washington, D.C. 20231 or faxed to : 
After Final (703) 746-7238 
Official: (703) 746-7239 
Non-Official (703) 746-7240 
Hand-delivered responses should be brought to Crystal Park 1 1,2121 Crystal Drive, 
Arlington. VA., Sixth Floor (Receptionist). 



Thong Vu 
Patent Examiner 
Art Unit 2142 




